
Commit ad60c061 authored by Bartosz Fabianowski's avatar Bartosz Fabianowski

Add manufacturer and model to device ID attestation

Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.

Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Idd48929d6a0c9fe6656c6d2656e2c3f6f370a21e
parent 6099e75d
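--- a/UNKNOWN_PATH/KeymasterDefs.java
+++ b/UNKNOWN_PATH/KeymasterDefs.java
@@ -89,6 +89,8 @@ public final class KeymasterDefs {
     public static final int KM_TAG_ATTESTATION_ID_SERIAL = KM_BYTES | 713;
     public static final int KM_TAG_ATTESTATION_ID_IMEI = KM_BYTES | 714;
     public static final int KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715;
+    public static final int KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716;
+    public static final int KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717;
 
     public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;
     public static final int KM_TAG_NONCE = KM_BYTES | 1001;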
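Review bot: The tag numbers 716 and 717 on the two new constants must agree with the native keymaster definitions of the same tags, and nothing on the Java side would catch a divergence, since the constant is just `KM_BYTES | 716` handed through to the HAL. A comment on the KM_TAG_ATTESTATION_ID_* series such as `// Tag numbers must match the corresponding keymaster HAL definitions.` would make that dependency visible to the next person extending the list. The HAL-side definition is not on this page, so I can only note the dependency, not confirm the values.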
+7 −3
@@ -81,9 +81,9 @@ public abstract class AttestationUtils {
    /**
    /**
     * Performs attestation of the device's identifiers. This method returns a certificate chain
     * Performs attestation of the device's identifiers. This method returns a certificate chain
     * whose first element contains the requested device identifiers in an extension. The device's
     * whose first element contains the requested device identifiers in an extension. The device's
     * brand, device and product are always also included in the attestation. If the device supports
     * manufacturer, model, brand, device and product are always also included in the attestation.
     * attestation in secure hardware, the chain will be rooted at a trustworthy CA key. Otherwise,
     * If the device supports attestation in secure hardware, the chain will be rooted at a
     * the chain will be rooted at an untrusted certificate. See
     * trustworthy CA key. Otherwise, the chain will be rooted at an untrusted certificate. See
     * <a href="https://developer.android.com/training/articles/security-key-attestation.html">
     * <a href="https://developer.android.com/training/articles/security-key-attestation.html">
     * Key Attestation</a> for the format of the certificate extension.
     * Key Attestation</a> for the format of the certificate extension.
     * <p>
     * <p>
@@ -169,6 +169,10 @@ public abstract class AttestationUtils {
                Build.DEVICE.getBytes(StandardCharsets.UTF_8));
                Build.DEVICE.getBytes(StandardCharsets.UTF_8));
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,
                Build.PRODUCT.getBytes(StandardCharsets.UTF_8));
                Build.PRODUCT.getBytes(StandardCharsets.UTF_8));
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MANUFACTURER,
                Build.MANUFACTURER.getBytes(StandardCharsets.UTF_8));
        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MODEL,
                Build.MODEL.getBytes(StandardCharsets.UTF_8));


        final KeyStore keyStore = KeyStore.getInstance();
        final KeyStore keyStore = KeyStore.getInstance();
        final String keyAlias = "android_internal_device_id_attestation-"
        final String keyAlias = "android_internal_device_id_attestation-"
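Review bot: The two added `attestArgs.addBytes(...)` calls for `Build.MANUFACTURER` and `Build.MODEL` are unconditional, so the request now depends on the keymaster implementation recognising tags 716 and 717; on an implementation that predates them the whole attestation call would presumably fail rather than merely omit the two new identifiers, and the handling of that failure, like the start of the enclosing method, lies outside this hunk. A short comment at the new lines would spell out the trust model for a reader: `// Framework-supplied identifiers; the secure hardware is expected to check them against its own provisioned values and reject the request on mismatch.` The Javadoc change in the first hunk, which now lists manufacturer and model among the always-included identifiers, is consistent with these lines.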